From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 2 Oct 2017 07:16:50 +0000 (+0200)
Subject: seccomp: port @privileged to use @reboot + @swap
X-Git-Tag: v235~5^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F6999%2Fhead;p=thirdparty%2Fsystemd.git

seccomp: port @privileged to use @reboot + @swap

Let's reuse two groups we already defined to make @privileged a bit
shorter.
---

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index f053b6353e8..14a75bfffeb 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -628,17 +628,16 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "@clock\0"
                 "@module\0"
                 "@raw-io\0"
+                "@reboot\0"
+                "@swap\0"
                 "_sysctl\0"
                 "acct\0"
                 "bpf\0"
                 "capset\0"
                 "chroot\0"
-                "kexec_file_load\0"
-                "kexec_load\0"
                 "nfsservctl\0"
                 "pivot_root\0"
                 "quotactl\0"
-                "reboot\0"
                 "setdomainname\0"
                 "setfsuid\0"
                 "setfsuid32\0"
@@ -651,8 +650,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "setreuid32\0"
                 "setuid\0"
                 "setuid32\0"
-                "swapoff\0"
-                "swapon\0"
                 "vhangup\0"
         },
         [SYSCALL_FILTER_SET_PROCESS] = {